From: Min M Xu <[email protected]> SecTpmMeasurementLitTdx is an instance of TpmMeasurementLib. It is designed to used in a Td guest. This lib measures and logs data, and extendx the measurement result into a specific RTMR.
SecTpmMeasurementLibTdx is a refactored lib of OvmfPkg/Library/SecMeasurementLibTdx and it just copies GetMappedRtmrIndex/TdxMeasureAndLogData from that lib. At the end of this patch-set SecMeasurementLibTdx will be deleted. Cc: Jiewen Yao <[email protected]> Cc: Jian J Wang <[email protected]> Signed-off-by: Min Xu <[email protected]> --- .../SecTpmMeasurementLibTdx.c | 176 ++++++++++++++++++ .../SecTpmMeasurementLibTdx.inf | 34 ++++ SecurityPkg/SecurityPkg.dsc | 2 + 3 files changed, 212 insertions(+) create mode 100644 SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c create mode 100644 SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf diff --git a/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c new file mode 100644 index 000000000000..38887b172dc0 --- /dev/null +++ b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c @@ -0,0 +1,176 @@ +/** @file + This library is used by other modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Guid/CcEventHob.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/HashLib.h> +#include <Library/HobLib.h> +#include <Library/PrintLib.h> +#include <IndustryStandard/Tpm20.h> +#include <Protocol/CcMeasurement.h> +#include <Library/TpmMeasurementLib.h> + +#pragma pack(1) + +typedef struct { + UINT32 Count; + TPMI_ALG_HASH HashAlg; + BYTE Sha384[SHA384_DIGEST_SIZE]; +} TDX_DIGEST_VALUE; + +#pragma pack() + +#define INVALID_PCR2MR_INDEX 0xFF + +/** + Get the mapped RTMR index based on the input PCRIndex. + RTMR[0] => PCR[1,7] + RTMR[1] => PCR[2,3,4,5] + RTMR[2] => PCR[8~15] + RTMR[3] => NA + Note: + PCR[0] is mapped to MRTD and should not appear here. + PCR[6] is reserved for OEM. It is not used. + + @param[in] PCRIndex The input PCR index + + @retval UINT8 The mapped RTMR index. +**/ +UINT8 +GetMappedRtmrIndex ( + IN UINT32 PCRIndex + ) +{ + UINT8 RtmrIndex; + + if ((PCRIndex == 6) || (PCRIndex == 0) || (PCRIndex > 15)) { + DEBUG ((DEBUG_ERROR, "Invalid PCRIndex(%d) map to MR Index.\n", PCRIndex)); + ASSERT (FALSE); + return INVALID_PCR2MR_INDEX; + } + + RtmrIndex = 0; + if ((PCRIndex == 1) || (PCRIndex == 7)) { + RtmrIndex = 0; + } else if ((PCRIndex >= 2) && (PCRIndex < 6)) { + RtmrIndex = 1; + } else if ((PCRIndex >= 8) && (PCRIndex <= 15)) { + RtmrIndex = 2; + } + + return RtmrIndex; +} + +/** + Tpm measure and log data, and extend the measurement result into a specific PCR. + + @param[in] PcrIndex PCR Index. + @param[in] EventType Event type. + @param[in] EventLog Measurement event log. + @param[in] LogLen Event log length in bytes. + @param[in] HashData The start of the data buffer to be hashed, extended. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +EFIAPI +TpmMeasureAndLogData ( + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen + ) +{ + EFI_STATUS Status; + UINT32 RtmrIndex; + VOID *EventHobData; + TCG_PCR_EVENT2 *TcgPcrEvent2; + UINT8 *DigestBuffer; + TDX_DIGEST_VALUE *TdxDigest; + TPML_DIGEST_VALUES DigestList; + UINT8 *Ptr; + + if (!TdIsEnabled ()) { + return EFI_UNSUPPORTED; + } + + RtmrIndex = GetMappedRtmrIndex (PcrIndex); + if (RtmrIndex == INVALID_PCR2MR_INDEX) { + return EFI_INVALID_PARAMETER; + } + + DEBUG ((DEBUG_INFO, "Creating TdTcg2PcrEvent PCR[%d]/RTMR[%d] EventType 0x%x\n", PcrIndex, RtmrIndex, EventType)); + + Status = HashAndExtend ( + RtmrIndex, + (VOID *)HashData, + HashDataLen, + &DigestList + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "Failed to HashAndExtend. %r\n", Status)); + return Status; + } + + // + // Use TDX_DIGEST_VALUE in the GUID HOB DataLength calculation + // to reserve enough buffer to hold TPML_DIGEST_VALUES compact binary + // which is limited to a SHA384 digest list + // + EventHobData = BuildGuidHob ( + &gCcEventEntryHobGuid, + sizeof (TcgPcrEvent2->PCRIndex) + sizeof (TcgPcrEvent2->EventType) + + sizeof (TDX_DIGEST_VALUE) + + sizeof (TcgPcrEvent2->EventSize) + LogLen + ); + + if (EventHobData == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Ptr = (UINT8 *)EventHobData; + // + // Initialize PcrEvent data now + // + RtmrIndex++; + CopyMem (Ptr, &RtmrIndex, sizeof (UINT32)); + Ptr += sizeof (UINT32); + CopyMem (Ptr, &EventType, sizeof (TCG_EVENTTYPE)); + Ptr += sizeof (TCG_EVENTTYPE); + + DigestBuffer = Ptr; + + TdxDigest = (TDX_DIGEST_VALUE *)DigestBuffer; + TdxDigest->Count = 1; + TdxDigest->HashAlg = TPM_ALG_SHA384; + CopyMem ( + TdxDigest->Sha384, + DigestList.digests[0].digest.sha384, + SHA384_DIGEST_SIZE + ); + + Ptr += sizeof (TDX_DIGEST_VALUE); + + CopyMem (Ptr, &LogLen, sizeof (UINT32)); + Ptr += sizeof (UINT32); + CopyMem (Ptr, EventLog, LogLen); + Ptr += LogLen; + + Status = EFI_SUCCESS; + return Status; +} diff --git a/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf new file mode 100644 index 000000000000..047d3aa80da6 --- /dev/null +++ b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf @@ -0,0 +1,34 @@ +## @file +# Provides RTMR based measurement functions for Intel Tdx guest. +# +# This library provides TpmMeasureAndLogData() in a TDX guest to measure and log data, and +# extend the measurement result into a specific RTMR. +# +# Copyright (c) 2022, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SecTpmMeasurementLibTdx + FILE_GUID = 1aeb641c-0324-47bd-b29d-e59671fc4106 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = TpmMeasurementLib|SEC + +[Sources] + SecTpmMeasurementLibTdx.c + +[Packages] + CryptoPkg/CryptoPkg.dec + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[Guids] + gCcEventEntryHobGuid + +[LibraryClasses] + BaseLib + HashLib diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 0d8c997b2f40..d883747474e4 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -95,6 +95,7 @@ [LibraryClasses.X64.SEC] HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf + TpmMeasurementLib|SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf [LibraryClasses.X64.DXE_DRIVER] HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf @@ -292,6 +293,7 @@ [Components.X64] SecurityPkg/Library/HashLibTdx/HashLibTdx.inf + SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf [Components.IA32, Components.X64] SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -- 2.29.2.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90209): https://edk2.groups.io/g/devel/message/90209 Mute This Topic: https://groups.io/mt/91551451/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
